package com.hqyj.mana.aop;

import javax.servlet.http.HttpServletRequest;

import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import com.hqyj.mana.exception.RightsException;

@Aspect
@Component
public class UserAuthorizeAspect {
	@Pointcut("execution(public * com.hqyj.mana.controller.UserManagementController.*(..))")
	  public void areaPowerPointcut() {
	    // Method is empty as this is just a Pointcut, the implementations are in the advices.
	}
	@Before("areaPowerPointcut()")
	public void doVerify() throws Exception{
		ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
		HttpServletRequest request = attr.getRequest();
		if(request.getSession().getAttribute("CURRENT_USER")==null){
			throw new RightsException("沒有权限");
		}else{
			String roleId = String.valueOf(request.getSession().getAttribute("CURRENT_USER"));
			System.out.println(roleId);
			if(roleId.equals("1")){
				
			}else{
				throw new RightsException("沒有权限");
			}
		}
	}
}
